Re: My O2 account was hacked! - Page 5

Anonymous · ‎30-09-2011

A couple of weeks ago I received an odd text from O2 informing me that I can upgrade my handset in September 2013. Now, I have a sim-only contract and haven't had a new handset from O2 in a number of years but I knew my contract was due to expire some time in late September so I checked my O2 account online. It seems that I now have a new tariff of £36 a month, which I knew nothing about and checking on down the page I spotted a completed order which turned out to be for an iPhone 4. Naturally I hadn't placed this. The Yodel tracking number revealed that it had been delivered to an address that wasn't mine the previous day.
I called O2 and discovered that my security question had been changed along with my home address and e-mail address. Someone had clearly managed to access my O2 account online and ordered himself a phone at my expense. Since the user name and password are known only to me, either O2's site security is extremely poor or someone inside O2 has accessed my information. Either way, I'm not impressed.
The customer service adviser was very helpful and promised that the fraud department would investigate and call me. However, eight days later I have heard no word from them and in the meantime I can do nothing about changing my contract while there is an issue with my account. I was planning to get a new phone, possibly the new iPhone when it comes out, but now I'm very concerned about O2's security. I've been with them for over ten years but I'm seriously considering whether I want to continue with them now.
The only piece of good news is that the phone was delivered one day and blacklisted the next.
Has anyone else had this happen? If so, how did O2 handle it?

perksie · ‎16-05-2012

This happened to me last November, I changed my password immediately and informed O2 Fraud, it was about 3 months before my account was fully back to normal.

No malware or any kind of dodgy software ever existed on my pc, so the failure was O2 allowing someone who could not pass the security questions on the phone, into my acccount.

It was fairly well handled by O2 but very slowly, and I'm surprised to hear it's started again.

In my case a new phone and contract was ordered for an address at the Isle of Dogs in London, 200 miles from where I live, but my account address had not been changed.

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

jonsie · ‎16-05-2012

You have to lay incidents like this entirely at O2's door. There is something seriously wrong with O2's security systems or someone not following the correct procedures to allow this to happen. I hope there are extensive investigations into these cases. It seems some of the most basic security precautions are not being followed. Someone has to be accountable.

Click Here For Social Media Support Links VirginmediaO2THIS IS NOT CUSTOMER SERVICE AND WE CANNOT ACCESS ACCOUNTS

Anonymous · ‎17-05-2012

Update. I received a call from O2's fraud team. They have promised to have my account fully restored within 24 hours. However the disturbing part of the conversation was the admission that there is no monitoring whatsoever of online transactions. I find that shocking and told them so. It makes me wonder whether I should stay with O2 but since the problem seems to exist elsewhere too I do not know if changing provider would improve matters significantly.

Anonymous · ‎17-05-2012

That's the second time the monitoring of sales calls has come up.

O2 need to address this - - - pronto

Anonymous · ‎17-05-2012

@Anonymous wrote:

O2 need to address this - - - pronto

O2 don't do pronto.......mañana maybe !

perksie · ‎17-05-2012

@O2MACH2 wrote:

@Anonymous wrote:

O2 need to address this - - - pronto

O2 don't do pronto.......mañana maybe !

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

Anonymous · ‎17-05-2012

@perksie wrote:

@O2MACH2 wrote:

@Anonymous wrote:

O2 need to address this - - - pronto

O2 don't do pronto.......mañana maybe !

You mean like Boost Box manana - and O2 Connect manana?

Anonymous · ‎17-05-2012

Careful the Mods will be around shortly

Anonymous · ‎17-05-2012

As someone who works in a fraud dept in another industry... its amazing at some of the stuff posted here, by people who clearly have no idea..

Your name and address details are easily avaiable. To these people.

Think electorial roll.

Just put you name into 192.com or one of the other genealogy sites. You will be amazed at the level of detail that can be gleaned in no time.

Enough to cover a lot of peoples security details.

I can easily pull up mother maiden name/daughters name etc on mine..... Sadly the internet has made fraudsters lives a lot easier. No more rooting in bins for them....

The idea on blocking a account after failed attempts is fine, but the issue is how far to they get before they get rejected and can a certain account be matched to these details.

Not rung o2 for a long time, so not sure what details you have to give to get through security.

But if its stuff like name, address postcode then these are easily avaiable.... And then how many people forget their password etc. So end up getting these reset.

One thing that is clear. People ARE getting informed by text/email that they have ordered a new phone. So at least you get a notification.

You can't expect o2 to monitor every online/phone transaction against fraud.

Only thing I would say is that o2 think about putting a block on any deliverys of new phones for say 1 week after a change of address, and that a text/email is sent to confirm any change of address on a ccount. Which has to be confirmed.

Will upset a few people who change address and order a new phone. But could easily be sorted by them going to a branch.

Anonymous · ‎17-05-2012

@Anonymous wrote:

As someone who works in a fraud dept in another industry... its amazing at some of the stuff posted here, by people who clearly have no idea..

Your name and address details are easily avaiable. To these people.

Think electorial roll.

Just put you name into 192.com or one of the other genealogy sites. You will be amazed at the level of detail that can be gleaned in no time.

I put my name in 192.com, and got this level of detail

"There are no free results for your search, please try the following."